From 3d4f8431d5d34e0ffaaeee0bfe55c552de3ebdfe Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 10 May 2012 17:34:01 +0000
Subject: [PATCH] Make password change work without default realm

This fix is not very general or clean, but is suitable for backporting
because it is minimally invasive.  A more comprehensive fix will
follow.

(cherry picked from commit b9ff95a51ef11742abc9687a70b6d8324eda6803)

ticket: 7127
version_fixed: 1.10.2
status: resolved
---
 src/lib/krb5/krb/get_in_tkt.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 2dd39478ad..11782ade23 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -465,6 +465,11 @@ build_in_tkt_name(krb5_context context,
     *server = NULL;
 
     if (in_tkt_service) {
+        /* Minimally invasive fix for inability to change password with no
+         * default realm, for backporting. */
+        if (strcmp(in_tkt_service, "kadmin/changepw") == 0)
+            in_tkt_service = "kadmin/changepw@";
+
         /* this is ugly, because so are the data structures involved.  I'm
            in the library, so I'm going to manipulate the data structures
            directly, otherwise, it will be worse. */
-- 
2.47.2